csrl

Results 31 comments of csrl

Here is a semi-pseudocode example of what would be great to have supported out of the box, by simply allowing `cacert` to match the self-signed cert itself. ```erlang...

Also, I realize my original report was a large wall of text, but if you could take a second look, I think your response is fully addressed in it.

Yes, understood the old default was verify_none. I do not view this issue as a regression, but that the new default requiring peer validation does not work for self...

I think we agree that "first time when we receive an arbitrary self-signed lets put it into our trusted store" is not a secure approach. Rather, the perspective is,...

From the RFC: "Usually, the last certificate is an end entity certificate, but it can be a CA certificate." I guess I see your position when `basicConstraints=CA:false` on a self...

Can you share your openssl validation check?

```
$ openssl s_client -connect self-signed.badssl.com:443 -verify_return_error -verify_quiet -quiet
Connecting to 104.154.89.105
depth=0 C=US, ST=California, L=San Francisco, O=BadSSL, CN=*.badssl.com
verify error:num=18:self-signed certificate
40E722A2E8720000:error:0A000086:SSL...
```

```
$ openssl s_client -connect self-signed.badssl.com:443 -verifyCAfile cert.pem |grep "Verification: OK"
Connecting to 104.154.89.105
depth=0 C=US, ST=California, L=San Francisco, O=BadSSL, CN=*.badssl.com
verify return:1
Verification: OK
^C
```

Thank you for the follow-up. I do not think it is necessary to agree that self-signed certificates are less secure or not - they exist and are in...

I guess I'm having a difficult time understanding your perspective, so I'm not sure how to respond. The node.js "https" module, which consumes the "tls" module, provides a "ca" option...

A self-signed certificate has no technical difference in transport security. What is apparently being discussed is PKI and how a user assigns trust. I understand you are asserting that trusting...